Release v40.25: Allow virtqemud connect to sanlock over a unix stream socket · fedora-selinux/selinux-policy

v40.25
9ee81a8
Compare

Choose a tag to compare

Loading

View all tags

v40.25: Allow virtqemud connect to sanlock over a unix stream socket

v40.25
9ee81a8
Compare

Choose a tag to compare

Loading

View all tags

zpytela tagged this 23 Jul 08:40

This permission is allowed when the virt_use_sanlock tunable
is turned on.

The commit addresses the following AVC denials:
type=AVC msg=audit(1718964317.317:19438): avc:  denied  { write } for  pid=180681 comm="daemon-init" name="sanlock.sock" dev="tmpfs" ino=16749 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:sanlock_var_run_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1718964317.317:19438): avc:  denied  { connectto } for  pid=180681 comm="daemon-init" path="/run/sanlock/sanlock.sock" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1

Resolves: RHEL-44352

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly